Loading...

TR-65 - Vulnerabilities and Exploitation of Log4j (Remote code injection in Log4j)

blog-thumb

CVE-2021-44228 vulnerability enables remote code injection on systems running Log4j. The attacker has to trigger a log entry generation containing a JNDI request. The vulnerability can be exploited without authentication. The exploit needs to be processed by Log4j. Impacted Log4j versions are: 2.0 to 2.14.1.

CIRCL has issued TR-65 - Vulnerabilities and Exploitation of Log4j (Remote code injection in Log4j) and will regularly update it.